Package: python2.3
Version: 2.3.5-15
Severity: normal

Hi,

in the source file python2.3-2.3.5/Modules/binascii.c I notice the
following bits of code (starting at line 1048):

        /* We allocate the output same size as input, this is overkill.
         * The previous implementation used calloc() so we'll zero out the
         * memory here too, since PyMem_Malloc() does not guarantee that.
         */
        odata = (unsigned char *) PyMem_Malloc(datalen);
        if (odata == NULL) {
                PyErr_NoMemory();
                return NULL;
        }
        memset(odata, datalen, 0);

and (starting at line 1213):

        /* We allocate the output same size as input, this is overkill.
         * The previous implementation used calloc() so we'll zero out the
         * memory here too, since PyMem_Malloc() does not guarantee that.
         */
        odata = (unsigned char *) PyMem_Malloc(odatalen);
        if (odata == NULL) {
                PyErr_NoMemory();
                return NULL;
        }
        memset(odata, odatalen, 0);

This will not work as intended since the third memset argument should
be the length of the buffer.  The memset prototype is

       void *memset(void *s, int c, size_t n);

I did not analyse what the implications of this bug are, but I think
it should be fixed anyway (if nothing else, then to prevent others from
copying this bit of code).

I hope this helps,
Jochen

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.13
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15)

Versions of packages python2.3 depends on:
ii  libbz2-1.0                   1.0.3-6     high-quality block-sorting file co
ii  libc6                        2.3.6.ds1-6 GNU C Library: Shared libraries
ii  libdb4.3                     4.3.29-6    Berkeley v4.3 Database Libraries [
ii  libncurses5                  5.5-4       Shared libraries for terminal hand
ii  libreadline5                 5.1-9       GNU readline and history libraries
ii  libssl0.9.8                  0.9.8c-3    SSL shared libraries
ii  zlib1g                       1:1.2.3-13  compression library - runtime

Versions of packages python2.3 recommends:
pn  python2.3-cjkcodecs | python2 <none>     (no description available)
pn  python2.3-cjkcodecs | python2 <none>     (no description available)

-- no debconf information
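
The effect of the swapped memset arguments described in the report, as an added example that is not part of the original message or of the Python source. The POISON value and the helper names are assumptions made for the demonstration; the buffer is pre-filled so that the bytes left uncleared can be counted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POISON 0xAA /* constructed stand-in for stale heap contents */

/* Compilers flag the swapped call; silenced so the demo builds cleanly. */
#pragma GCC diagnostic ignored "-Wmemset-transposed-args"

/* Allocate len bytes pre-filled with POISON so the result is deterministic. */
static unsigned char *alloc_poisoned(size_t len)
{
    unsigned char *p = malloc(len);
    if (p != NULL)
        memset(p, POISON, len);
    return p;
}

/* Number of bytes in p[0..len) that are still non-zero. */
static size_t count_nonzero(const unsigned char *p, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Zero a poisoned buffer with either call order and return how many bytes
 * are still non-zero afterwards ((size_t)-1 on allocation failure). */
size_t stale_bytes(size_t len, int swapped)
{
    unsigned char *odata = alloc_poisoned(len);
    if (odata == NULL)
        return (size_t)-1;
    if (swapped)
        memset(odata, (int)len, 0); /* order from the report: n == 0, no write */
    else
        memset(odata, 0, len);      /* memset(s, c, n): c = 0, n = length */
    size_t stale = count_nonzero(odata, len);
    free(odata);
    return stale;
}

int main(void)
{
    printf("swapped order: %zu of 64 bytes left uncleared\n", stale_bytes(64, 1));
    printf("correct order: %zu of 64 bytes left uncleared\n", stale_bytes(64, 0));
    return 0;
}
```

Removing the pragma and building with warnings enabled shows the compiler diagnostic for the swapped call.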

